Datenbank/Kryptografie: Unterschied zwischen den Versionen
K Textersetzung - „Verschlüsselung“ durch „Kryptografie“ |
|||
| Zeile 1: | Zeile 1: | ||
== MySQL == | |||
=== Tested with Versions === | |||
* MySQL 5.5 on Debian Wheezy | * MySQL 5.5 on Debian Wheezy | ||
* MySQL 5.7.20 on Ubuntu 16.04.3 | * MySQL 5.7.20 on Ubuntu 16.04.3 | ||
=== Settings === | |||
=== References === | |||
MySQL Documentation on [https://dev.mysql.com/doc/refman/5.7/en/using-encrypted-connections.html Configuring MySQL to Use Encrypted Connections]. | MySQL Documentation on [https://dev.mysql.com/doc/refman/5.7/en/using-encrypted-connections.html Configuring MySQL to Use Encrypted Connections]. | ||
=== How to test === | |||
After restarting the server run the following query to see if the ssl settings are correct: | After restarting the server run the following query to see if the ssl settings are correct: | ||
show variables like '%ssl%'; | show variables like '%ssl%'; | ||
== DB2 == | |||
=== Tested with Version === | |||
We do not test this here, since we only reference other papers for DB2 so far. | We do not test this here, since we only reference other papers for DB2 so far. | ||
=== Settings === | |||
==== ssl_cipherspecs ==== | |||
In the link above the whole SSL-configuration is described in-depth. The following command shows only how to set the recommended ciphersuites. | In the link above the whole SSL-configuration is described in-depth. The following command shows only how to set the recommended ciphersuites. | ||
| Zeile 47: | Zeile 41: | ||
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA | TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA | ||
=== References === | |||
IBM DB2 Documentation on ''Supported cipher suites''.[https://www.ibm.com/support/knowledgecenter/SSEPGG_9.7.0/com.ibm.db2.luw.admin.sec.doc/doc/c0053544.html https://www.ibm.com/support/knowledgecenter/SSEPGG_9.7.0/com.ibm.db2.luw.admin.sec.doc/doc/c0053544.html] | IBM DB2 Documentation on ''Supported cipher suites''.[https://www.ibm.com/support/knowledgecenter/SSEPGG_9.7.0/com.ibm.db2.luw.admin.sec.doc/doc/c0053544.html https://www.ibm.com/support/knowledgecenter/SSEPGG_9.7.0/com.ibm.db2.luw.admin.sec.doc/doc/c0053544.html] | ||
== PostgreSQL == | |||
=== Tested with Versions === | |||
* Debian Wheezy and PostgreSQL 9.1 | * Debian Wheezy and PostgreSQL 9.1 | ||
* Linux Mint 14 nadia / Ubuntu 12.10 quantal with PostgreSQL 9.1+136 and OpenSSL 1.0.1c | * Linux Mint 14 nadia / Ubuntu 12.10 quantal with PostgreSQL 9.1+136 and OpenSSL 1.0.1c | ||
=== Settings === | |||
To start in SSL mode the <tt>server.crt</tt> and <tt>server.key</tt> must exist in the servers data directory <tt>$PGDATA</tt>. | ; To start in SSL mode the <tt>server.crt</tt> and <tt>server.key</tt> must exist in the servers data directory <tt>$PGDATA</tt>. | ||
{| class="wikitable sortable options" style="border-spacing:0;width:13.102cm;" | {| class="wikitable sortable options" style="border-spacing:0;width:13.102cm;" | ||
|- | |- | ||
| Zeile 66: | Zeile 58: | ||
|} | |} | ||
=== References === | |||
It’s recommended to read [https://www.postgresql.org/docs/9.1/runtime-config-connection.html#RUNTIME-CONFIG-CONNECTION-SECURITY Security and Authentication] in the manual. | It’s recommended to read [https://www.postgresql.org/docs/9.1/runtime-config-connection.html#RUNTIME-CONFIG-CONNECTION-SECURITY Security and Authentication] in the manual. | ||
PostgreSQL Documentation on [https://www.postgresql.org/docs/9.1/ssl-tcp.html Secure TCP/IP Connections with SSL]. | * PostgreSQL Documentation on [https://www.postgresql.org/docs/9.1/ssl-tcp.html Secure TCP/IP Connections with SSL]. | ||
PostgreSQL Documentation on [https://www.postgresql.org/docs/9.1/auth-pg-hba-conf.html Client Authentication]. | * PostgreSQL Documentation on [https://www.postgresql.org/docs/9.1/auth-pg-hba-conf.html Client Authentication]. | ||
=== How to test === | |||
To test your ssl settings, run <tt>psql</tt> with the sslmode parameter: | To test your ssl settings, run <tt>psql</tt> with the sslmode parameter: | ||
$ psql "sslmode=require host=postgres-server dbname=database" your-username | $ psql "sslmode=require host=postgres-server dbname=database" your-username | ||
== Weblinks == | == Weblinks == | ||
Version vom 18. Januar 2023, 11:47 Uhr
MySQL
Tested with Versions
- MySQL 5.5 on Debian Wheezy
- MySQL 5.7.20 on Ubuntu 16.04.3
Settings
References
MySQL Documentation on Configuring MySQL to Use Encrypted Connections.
How to test
After restarting the server run the following query to see if the ssl settings are correct: show variables like '%ssl%';
DB2
Tested with Version
We do not test this here, since we only reference other papers for DB2 so far.
Settings
ssl_cipherspecs
In the link above the whole SSL-configuration is described in-depth. The following command shows only how to set the recommended ciphersuites.
- Recommended and supported ciphersuites
db2 update dbm cfg using SSL_CIPHERSPECS TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
References
IBM DB2 Documentation on Supported cipher suites.https://www.ibm.com/support/knowledgecenter/SSEPGG_9.7.0/com.ibm.db2.luw.admin.sec.doc/doc/c0053544.html
PostgreSQL
Tested with Versions
- Debian Wheezy and PostgreSQL 9.1
- Linux Mint 14 nadia / Ubuntu 12.10 quantal with PostgreSQL 9.1+136 and OpenSSL 1.0.1c
Settings
- To start in SSL mode the server.crt and server.key must exist in the servers data directory $PGDATA.
| Starting with version 9.2, you have the possibility to set the path manually. |
References
It’s recommended to read Security and Authentication in the manual.
- PostgreSQL Documentation on Secure TCP/IP Connections with SSL.
- PostgreSQL Documentation on Client Authentication.
How to test
To test your ssl settings, run psql with the sslmode parameter:
$ psql "sslmode=require host=postgres-server dbname=database" your-username